@RISK Newsletter for January 15, 2015

The consensus security vulnerability alert.

Vol. 15, Num. 2

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.

Title: Adobe Releases Security Bulletin Addressing Nine Vulnerabilities In Flash Player
Description: Adobe has released the first Flash Player security bulletin for the year, addressing nine vulnerabilities. Flash Player versions 11.2.202.425 and older, 13.0.0.259 and older, and 16.0.0.235 and older are known to be vulnerable. Adobe recommends that users upgrade to the latest Flash Player in order to protect themselves.
Reference: http://helpx.adobe.com/security/products/flash-player/apsb15-01.html
Snort SID: Detection pending the release of vulnerability information

RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.
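As an added example (not part of the newsletter or of the Qualys list), the script below recomputes each entry's CVSS v2 base score from its vector using the published CVSS v2 base equations, flags any entry whose printed score disagrees with its vector, and orders entries for remediation with network-reachable issues first. The sample entries are constructed here: two copy the ID, title and score lines of entries in this issue, and the third (EXAMPLE-0001) is a hypothetical local-only issue included only to show a low score.

```python
"""CVSS v2 base-score calculator and prioritizer for @RISK-style entries.

Added example, not part of the original newsletter. The weights and formula
are the published CVSS v2 base equations; the entry text is constructed.
"""
import re
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 base metric weights (CVSS v2 specification).
AV = {"L": 0.395, "A": 0.646, "N": 1.0}      # AccessVector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}       # AccessComplexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}      # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}     # Conf/Integ/Avail impact


def parse_vector(vector):
    """Split 'AV:N/AC:L/Au:N/C:C/I:C/A:C' into a metric->letter dict and validate it."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    if set(metrics) != {"AV", "AC", "Au", "C", "I", "A"}:
        raise ValueError("malformed CVSS v2 vector: %r" % vector)
    return metrics


def _round1(x):
    # CVSS rounds to one decimal, half up; Python's round() is banker's rounding,
    # so go through Decimal to get the specification's behaviour.
    return float(Decimal(repr(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def cvss2_base_score(vector):
    """CVSS v2 base score: round1(((0.6*Impact)+(0.4*Exploitability)-1.5)*f(Impact))."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f_impact = 0 if impact == 0 else 1.176   # no impact at all scores 0.0
    return _round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


# Constructed sample input. The first two blocks mirror entries in this issue;
# EXAMPLE-0001 is a hypothetical identifier, not a real CVE.
SAMPLE_ENTRIES = """\
ID: CVE-2014-6271
Title: Multiple Vendor Bash Remote Code Execution Vulnerability
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2014-8517
Title: tnftp Command Execution Vulnerability
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

ID: EXAMPLE-0001
Title: Hypothetical local-only issue, included to show a low score
CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)
"""

ENTRY_RE = re.compile(
    r"ID:\s*(?P<id>\S+)\s*\nTitle:\s*(?P<title>.+?)\s*\n"
    r"CVSS v2 Base Score:\s*(?P<score>[\d.]+)\s*\((?P<vector>[^)]+)\)")


def parse_entries(text):
    """Return (id, title, published_score, vector) tuples from newsletter-style text."""
    return [(m.group("id"), m.group("title"), float(m.group("score")), m.group("vector"))
            for m in ENTRY_RE.finditer(text)]


def prioritize(text):
    """Recompute each score from its vector, flag mismatches, sort highest first."""
    rows = []
    for cve, title, published, vector in parse_entries(text):
        computed = cvss2_base_score(vector)
        rows.append({"id": cve, "title": title, "published": published,
                     "computed": computed, "vector": vector,
                     "network": vector.startswith("AV:N"),
                     "consistent": computed == published})
    return sorted(rows, key=lambda r: (r["computed"], r["network"]), reverse=True)


if __name__ == "__main__":
    for r in prioritize(SAMPLE_ENTRIES):
        flag = "" if r["consistent"] else "  <-- score does not match vector"
        print("%-14s %4.1f %s%s" % (r["id"], r["computed"], r["vector"], flag))
```

The recomputation is worth doing because vendor and aggregator feeds occasionally carry a score that does not match the vector; the vector is the primary data and the score is derived from it. A vector with no impact component (C:N/I:N/A:N) scores 0.0 regardless of how exposed it is, which is why the f(Impact) factor exists.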

ID: CVE-2014-9583
Title: ASUS WRT LAN Backdoor Command Execution
Vendor: ASUS
Description: common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port
NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2014-8517
Title: tnftp Command Execution Vulnerability
Vendor: FreeBSD
Description: The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5, allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

ID: CVE-2014-6271
Title: Multiple Vendor Bash Remote Code Execution Vulnerability
Vendor: Multiple Vendors
Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
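Two checks a practitioner would want for the ShellShock entry above, as an added example that is not part of the newsletter: a probe that runs the widely circulated CVE-2014-6271 test string against a local bash, and a detector for the "() {" function-export prefix in web server access log lines, which is how an attacker-controlled header or query string reaches bash through mod_cgi. The access log lines are constructed for this example (addresses are from documentation ranges), and the probe only exercises the original CVE-2014-6271 behaviour, not the incomplete-fix follow-up CVE-2014-7169.

```python
"""ShellShock (CVE-2014-6271) local probe and access-log detector.

Added example, not part of the original newsletter. Log lines are constructed.
"""
import re
import subprocess
from urllib.parse import unquote

# A bash function export begins with "() {". That prefix inside a value the
# attacker controls (User-Agent, Referer, query string passed to a CGI script)
# is the tell-tale of a ShellShock attempt; whitespace between the tokens is
# optional, and payloads may arrive URL-encoded, so decode before matching.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")


def is_shellshock_payload(value):
    return bool(SHELLSHOCK_RE.search(unquote(value)))


def scan_access_log(lines):
    """Return (line_no, line) pairs whose request line or headers carry the pattern."""
    return [(n, line) for n, line in enumerate(lines, 1) if is_shellshock_payload(line)]


def probe_local_bash(bash="bash"):
    """Run the public CVE-2014-6271 test string against a bash binary.

    Returns "vulnerable", "patched", "bash not found" or "probe timed out".
    A vulnerable bash imports the function from the variable x and then keeps
    parsing, executing the trailing "echo vulnerable" at startup. A patched
    bash ignores a plain-named variable that merely looks like a function,
    so only the command we asked for ("echo probe") produces output.
    """
    env = {"PATH": "/usr/local/bin:/usr/bin:/bin",
           "x": "() { :;}; echo vulnerable"}
    try:
        out = subprocess.run([bash, "-c", "echo probe"], env=env,
                             capture_output=True, text=True, timeout=10)
    except FileNotFoundError:
        return "bash not found"
    except subprocess.TimeoutExpired:
        return "probe timed out"
    return "vulnerable" if "vulnerable" in out.stdout else "patched"


# Constructed combined-format access log lines, not a real capture.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Jan/2015:10:01:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \'id\'"',
    '198.51.100.7 - - [15/Jan/2015:10:01:13 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jan/2015:10:02:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "(){ sleep 5; }" "curl/7.38.0"',
    '192.0.2.11 - - [15/Jan/2015:10:03:01 +0000] "GET /docs?q=shell()%20functions HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jan/2015:10:04:15 +0000] "GET /cgi-bin/x?%28%29%20%7B%20%3A%3B%7D%3B%20id HTTP/1.1" 404 0 "-" "curl/7.38.0"',
]


if __name__ == "__main__":
    print("local bash:", probe_local_bash())
    for n, line in scan_access_log(SAMPLE_LOG):
        print("line %d: %s" % (n, line))
```

Line 4 of the sample log contains "()" in an ordinary query and is not reported, while line 5 carries the same payload as line 1 URL-encoded and is only caught because the detector decodes before matching. A "patched" result from the probe says nothing about CVE-2014-7169, which needs its own test; apply the vendor's complete fix rather than stopping at this check.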